Quản lý API KeyGuide to creating an API KEY

Guide to creating an API KEY

Tạ Quốc Thắng·6/2/2026

The API Key allows external applications to authenticate and call Alohub's APIs. Each API Key is associated with a tenant account and can limit access scopes as needed.

Note: The API Key is only displayed once after creation. Please copy and store it in a safe place immediately. If the key is lost, you need to regenerate a new key.

Guide to creating an API Key on the interface

Step 1: Access the API Keys page

From the left menu, select Integration API Keys . The API Keys management page will display a list of created keys.

Step 2: Open the API Key creation form

Click the Create new API Key button in the upper right corner. A dialog will open with the required information fields.

Step 3: Fill in the information

Field

Required

Description

API Key Name

Yes

Name it to identify its purpose. For example: "CRM Integration", "HubSpot Sync"

Access Scopes

Yes

Select at least 1 scope. Tick the checkboxes corresponding to the permissions needed (see the Scopes table below)

Duration

No

Select the validity period: Unlimited , 30 days , 90 days , or 1 year

Step 4: Confirm creation

Click the Create API Key button to complete. The system will display a dialog containing the value of the newly created API Key.

Step 5: Copy and store the API Key

The dialog that appears will contain the full value of the API Key. Click the Copy button to copy the key to the clipboard, then store it in a safe place (environment variable, vault, password manager).

Warning: This key will not be displayed again after you close the dialog. If you close it without copying, you will need to regenerate a new key.

After saving the key, click Saved, close to complete.

Access Scopes Table

Scope

Description

callcenter

Access to call API, recording, agent status

campaign

Manage autocall campaigns, SMS

contacts

Read/write customer contacts, leads

reports

Access reports and statistics

Manage API Key after creation

After successful creation, the API Key will appear in the list table with the following information:

  • Name — the name you set during creation

  • API Key — the masked key value, with a copy button for quick copying

  • Scopes — the granted scopes, displayed as colored tags

  • Status Active (green) or Inactive

  • Creation Date — the time the key was created

  • Last Used — the time the API was last called using this key

Click the (menu) icon at the end of each row to access actions: Regenerate key or Revoke key. Create API Key via API


POST

Besides the interface, you can create an API Key by directly calling this endpoint. /api/v1.0/integration/api-keys

Headers

Type

Required

Description

string

Authorization

Yes

Authentication token. Format:

string Bearer {{token}}

Content-Type

Yes

Body Parameters

application/json

Parameter

Type

Required

Description

string

name

Yes

Identifier name for the API Key (e.g., "CRM Integration Key")

string[]

scopes

Yes

List of access scopes. Valid values:

, callcenter, campaign, contactsnumber | null reports

expiresInDays

No

Number of days the key is valid. Suggested values:

, 30, 90. To 365if unlimited nullSample Code

Successful Response

curl -X POST "{{protocol}}://{{host}}:{{port}}/api/v1.0/integration/api-keys" \
  -H "Authorization: Bearer {{token}}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Key tích hợp CRM",
    "scopes": ["callcenter", "contacts"],
    "expiresInDays": 90
  }'
const axios = require('axios')

const response = await axios.post(
  '{{protocol}}://{{host}}:{{port}}/api/v1.0/integration/api-keys',
  {
    name: 'Key tích hợp CRM',
    scopes: ['callcenter', 'contacts'],
    expiresInDays: 90
  },
  {
    headers: {
      'Authorization': 'Bearer {{token}}',
      'Content-Type': 'application/json'
    }
  }
)

// Lưu ý: key chỉ trả về 1 lần duy nhất — lưu ngay
console.log('API Key:', response.data.key)
import requests

url = '{{protocol}}://{{host}}:{{port}}/api/v1.0/integration/api-keys'
headers = {
    'Authorization': 'Bearer {{token}}',
    'Content-Type': 'application/json'
}
payload = {
    'name': 'Key tích hợp CRM',
    'scopes': ['callcenter', 'contacts'],
    'expiresInDays': 90
}

response = requests.post(url, json=payload, headers=headers)

# Lưu ý: key chỉ trả về 1 lần duy nhất — lưu ngay
data = response.json()
print('API Key:', data['key'])

HTTP

Response Description 200 OK

{
  "id": "key_abc123def456",
  "name": "Key tích hợp CRM",
  "key": "alo_k_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "scopes": ["callcenter", "contacts"],
  "createdAt": "2026-04-07T10:30:00.000Z"
}

Field

Type

Description

string

id

Unique identifier ID of the API Key

string

name

Name of the API Key set

string

key

Full API Key value —

returned only once string[]

scopes

List of granted scopes

string

createdAt

Creation time (ISO 8601)

Common Errors

HTTP Code

Cause

How to handle

Missing

400

or nameempty scopesCheck the request body for all required fields

Invalid or expired token

401

Retrieve a new authentication token

Account does not have permission to create API Key

403

Contact Alohub

for permission API Key name already exists

409

Rename to a different key or delete the old key with the same name

Security:

Do not share the API Key via email, chat, or store it in source code. Use environment variables to manage the key in your application. Không chia sẻ API Key qua email, chat hoặc lưu trong source code. Sử dụng biến môi trường (environment variables) để quản lý key trong ứng dụng của bạn.

Related Articles

Was this article helpful?
Updated: 6/2/2026
để chuyển bài